CVE-2026-1186

Vulnerability Description

EAP Legislator is vulnerable to Path Traversal in file extraction functionality. Attacker can prepare zipx archive (default file type used by the Legislator application) and choose arbitrary path outside the intended directory (e.x. system startup) where files will be extracted by the victim upon opening the file. This issue was fixed in version 2.25a.

Related Weaknesses (CWE)

CWE-22

References

https://abcpro.pl/eap-legislator
https://cert.pl/posts/2026/02/CVE-2026-1186

FAQ

What is CVE-2026-1186?

CVE-2026-1186 is a documented vulnerability. EAP Legislator is vulnerable to Path Traversal in file extraction functionality. Attacker can prepare zipx archive (default file type used by the Legislator application) and choose arbitrary path outs...

How severe is CVE-2026-1186?

CVSS scoring is not yet available for CVE-2026-1186. Check NVD for updates.

Is there a patch for CVE-2026-1186?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.